DragonFlyBSD Kernel Audit
DF-0413

Primitive parse functions write to output buffer without checking *buflen: missing defense-in-depth bounds check

Summary

ng_int8/16/32/64_parse (:346, :445, :547, :645), string_parse (:741) and sizedstring_parse (:912) bcopy the parsed value into buf without first checking that *buflen >= sizeof(value). The getDefault() functions, by contrast, do check and return ERANGE (:392). The caller, ng_parse_composite, only guarantees vlen >= 1, so an out-of-bounds write is latent if a caller provides an undersized buffer. This is a defense-in-depth issue.
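
A user-space model of the pattern and of the check the finding asks for, added here as an example; it is not DragonFlyBSD source. The model_* names, the simplified signature and the use of memcpy() in place of bcopy() are assumptions, and only the 32-bit integer case is shown.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Pattern from the finding: value copied to buf, *buflen never consulted. */
static int model_int32_parse(const char *s, int *off, unsigned char *buf, int *buflen)
{
	char *eptr;
	long long val = strtoll(s + *off, &eptr, 0);
	int32_t val32;

	if (eptr == s + *off || val < INT32_MIN || val > INT32_MAX)
		return EINVAL;
	*off = (int)(eptr - s);
	val32 = (int32_t)val;
	memcpy(buf, &val32, sizeof(val32));	/* the kernel code uses bcopy() */
	*buflen = (int)sizeof(val32);
	return 0;
}

/* Hardened form: the ERANGE check the finding credits to getDefault(). */
static int model_int32_parse_checked(const char *s, int *off, unsigned char *buf, int *buflen)
{
	if (*buflen < (int)sizeof(int32_t))
		return ERANGE;	/* reject before touching *off or buf */
	return model_int32_parse(s, off, buf, buflen);
}

/* Constructed input: `avail` usable bytes (0..8) followed by 0xAA canaries.
 * Returns the parser's error, or -1 if a byte past `avail` was modified. */
static int model_demo(int avail)
{
	unsigned char region[8];
	int off = 0, len = avail, error, i;

	memset(region, 0xAA, sizeof(region));
	error = model_int32_parse_checked("0x11223344", &off, region, &len);
	for (i = avail; i < (int)sizeof(region); i++)
		if (region[i] != 0xAA)
			return -1;
	return error;
}

int main(void)
{
	/* exit status 0 when the undersized case is rejected and the exact fit succeeds */
	return !(model_demo(2) == ERANGE && model_demo(4) == 0);
}
```

Because the check runs before parsing, a rejected call leaves both *off and the output buffer unchanged, so the caller can treat ERANGE as a clean failure.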